| Date |
Topic |
Notes |
| |
|
Introduction
|
| |
Wed Jan 18
|
Course overview and logistics (Slides )
|
| |
Mon Jan 23
|
Security intro & class projects (Slides)
Optional Reading:
Reflections on Trusting Trust, by Ken Thompson
The Legitimate Vulnerability Market. Inside the Secretive World of 0-day Exploit Sales, by Charlie Miller
|
| |
|
Part 1: Secure Coding
|
| |
Wed Jan 25
|
Control hijacking attacks and defense (I)
Optional Reading:
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, by Crispin Cowan, et al.
Basic Integer Overflows, by blexim
Bypassing Browser Memory Protections, by A. Sotirov
|
Lab groups due; Lab 1 out
|
| |
Mon Jan 30
|
Control hijacking attacks and defense (II)
|
| |
Wed Feb 1
|
Fuzzing and dynamic symbolic execution
|
Project & group preference due
|
| |
Fri Feb 3
|
-
|
Lab 1 due
|
| |
Mon Feb 6
|
Static analysis and program verification
|
Lab 2 out
|
| |
|
Part 2: Secure Architecture Concepts and Principles
|
| |
Wed Feb 8
|
Isolation and reference monitor
|
| |
Mon Feb 13
|
Secure architecture (capabilities and information flow)
|
| |
Wed Feb 15
|
Trusted computing and hardware capabilities
|
| |
Fri Feb 17
|
-
|
Lab 2 due
|
| |
Mon Feb 20
|
No class (holiday)
|
| |
Wed Feb 22
|
Security principles and case studies
|
|
| |
Fri Feb 24
|
-
|
Project design doc due
|
| |
|
Part 3: Mobile Security
|
| |
Mon Feb 27
|
Mobile platform security
|
| |
Wed Feb 29
|
Device security management and mobile application security & privacy
|
Lab 3 out
|
| |
|
Part 4: Cryptography
|
| |
Mon Mar 5
|
Cryptography concepts
|
| |
Wed Mar 7
|
Practical cryptography
|
| |
Fri Mar 9
|
-
|
Lab 3 due
|
| |
|
Part 5: Web Security
|
| |
Mon Mar 12
|
Web security overview and concepts
|
Lab 4 out
|
| |
Wed Mar 14
|
Session management and user authentication
|
| |
Fri Mar 16
|
-
|
Lab 4 due
|
| |
Mon Mar 19
|
Web application security
|
Lab 5 out
|
| |
Wed Mar 21
|
HTTPS, goals and pitfalls
|
Project implementation milestone 1 due
|
| |
|
Interlude
|
| |
Week of Mar 26
|
Spring break
|
| |
Mon Apr 2
|
Midterm Review
|
| |
Wed Apr 4
|
Midterm
|
| |
|
Part 6: Network Security and Malware
|
| |
Mon Apr 9
|
Network protocols and vulnerabilities
|
| |
Wed Apr 11
|
Network defenses and security testing
|
| |
Fri Apr 13
|
-
|
|
| |
Mon Apr 16
|
Malware overview and viruses
|
| |
Tue Apr 17
|
|
Lab 5 Due
|
| |
Wed Apr 18
|
Worms, botnets, attacks & defenses
|
Lab 6 out
|
| |
Fri Apr 20
|
-
|
Project implementation milestone 2 due
|
| |
Mon Apr 23
|
Denial of service attacks
|
| |
|
Summary
|
| |
Wed Apr 25
|
Summary and security principles
|
| |
Fri Apr 27
|
-
|
Lab 6 due
|
| |
Fri May 10
|
-
|
Final project report due
|
| |
Fri May 11
|
-
|
Final project presentations
|